HP Data Protector Media Operations Server 'DBServer.exe' Remote Code Execution

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote service is affected by a remote code execution
vulnerability.

Description :

According to its version, the installation of HP Data Protector Media
Operations Server on the remote host allows an attacker to execute
arbitrary code on the affected host with SYSTEM privileges due to a
buffer overflow.

Note that the vendor reports only Windows installs are affected.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-112/
http://seclists.org/bugtraq/2011/Mar/220
http://www.nessus.org/u?5b3eef63

Solution :

Apply the SMO A.06.20.01 patch as described in the vendor advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 57862 ()

Bugtraq ID: 47004

CVE ID: CVE-2011-4791

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now